University of Wyoming Division of Information Technology

Firewall Considerations

  • H.323 devices can be placed on the UW secured network (protected by the UW firewall) or be placed in a special video DMZ.
  • The video DMZ exists for endpoints that must answer calls from remote video equipment that is not connected to the UW network (i.e., where the remote device must initiate the connection).
  • H.323 devices on either the UW secured network or the video DMZ can initiate calls to remote H.323 devices.
  • H.323 devices installed on general purpose workstations (for example, Desktop PCs with Polycom ViaVideo or Microsoft NetMeeting clients) should be connected to the UW secured network.
  • H.323 devices in the video DMZ cannot initiate point-to-point calls to H.323 devices on the secured network – thus, such calls should be initiated from devices on the secured network (or else scheduled using VCS).
  • Network ports assigned to the video DMZ require special configuration. Once configured, such ports will not support DHCP or connections for devices to be placed in the UW secured network. A special DMZ has been created for video because it is envisioned that ports in public areas, such as conference rooms, will be configured for the video DMZ and may not be secured physically; thus video devices will be separated into a special DMZ configured exclusively for video purposes.
  • By definition, all video conferences that involve three or more endpoints require use of an MCU. The MCU and related video conference scheduling software (VCS) will accommodate endpoints in the secured network, the video DMZ, or external devices. All such devices must first register with the UW Gatekeeper.
  • Network Quality of Service (QoS) is essential for reliable, high-quality video conferences. Network QoS implementation is dependent on Gatekeeper functionality. In order to use Gatekeeper functionality, video devices must register with the Gatekeeper and utilize E.164 addressing. Thus, users will be discouraged from creating ad hoc point-to-point meetings using IP addresses or DNS names, which do not utilize Gatekeeper functionality. Point-to-point ad hoc meetings created using IP addresses or DNS names may work today but may not work in the future as QoS is further implemented in the network. In order to ensure the reservation of network bandwidth for a video conference, users are encouraged to schedule video conferences using the VCS application.
